commit 5f3e2bf008 upstream.
Some TCP peers announce a very small MSS option in their SYN and/or
SYN/ACK messages.
This forces the stack to send packets with a very high network/cpu
overhead.
Linux has enforced a minimal value of 48. Since this value includes
the size of TCP options, and that the options can consume up to 40
bytes, this means that each segment can include only 8 bytes of payload.
In some cases, it can be useful to increase the minimal value
to a saner value.
We still let the default to 48 (TCP_MIN_SND_MSS), for compatibility
reasons.
Note that TCP_MAXSEG socket option enforces a minimal value
of (TCP_MIN_MSS). David Miller increased this minimal value
in commit c39508d6f1 ("tcp: Make TCP_MAXSEG minimum more correct.")
from 64 to 88.
We might in the future merge TCP_MIN_SND_MSS and TCP_MIN_MSS.
CVE-2019-11479 -- tcp mss hardcoded to 48
Signed-off-by: Eric Dumazet <edumazet@google.com>
Suggested-by: Jonathan Looney <jtl@netflix.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Bruce Curtis <brucec@netflix.com>
Cc: Jonathan Lemon <jonathan.lemon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In future it will be modified to support more rockchip platforms.
Change-Id: I5cd7ce555eefe08b12fbfcda8ef445c4b169e8c6
Signed-off-by: Finley Xiao <finley.xiao@rock-chips.com>
This adds the necessary data for handling dfi on the rk3328.
Change-Id: Id870f78dad3ddd6cb5771674a4e8905322f9e8ef
Signed-off-by: CanYang He <hcy@rock-chips.com>
This adds the necessary data for handling dfi on the rk3128.
Access the dfi via registers provided by GRF (general register
files) module.
Change-Id: Ife9e9987224088434e878102b7d1c3b132e761ad
Signed-off-by: Liang Chen <cl@rock-chips.com>
This adds the necessary data for handling dfi on the rk3288.
Access the dfi via registers provided by GRF (general register
files) module.
Change-Id: Ic7241af3c20a269ab362055dea04d260e01c50de
Signed-off-by: Tang Yun ping <typ@rock-chips.com>
This adds the necessary data for handling dfi on the rk3368.
Access the dfi via registers provided by GRF (general register
files) module.
Change-Id: I96c2b4dcd34d90731b749ebdbe6922f01559d8e6
Signed-off-by: Finley Xiao <finley.xiao@rock-chips.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlz8soUACgkQONu9yGCS
aT5o7w//cc+XhbVg3ro68Rq2byYVuntdiKtYDYlEQtv5DORELdX29g6gBlLlO+ma
J29W/8quC9fi8EERG14TRvhh8MJNlQCv5g+Afvqr42zCOBowUFL4q3o06dON2e3v
qhKsEhwcvHH/dR+ixtw1zpSNl6bIdG87C5gxYpWvpjCHpVpVDwLHfRK7GbSS/ioe
Ys2uJwtbB4ZpileCoA4O61alYNLq/zP/gJiKraMbrwfOPfY3dmDIqo6KMniUyFs3
0E0w6AKp2PalsoVxyl6mD0KGFFChWz0AfSE6b3IdlzXC2qOZkWlAKPWxpQMHWdme
HVGXHxrW6aDVk+RGOmIk1dKWDdVqTZJ1Cx1RscrtIQsQwuXqR/STgoqu1hbQ/B4W
/jMak4BICuyfnOzsmuQbIhOWaf8KTIokYfQ92SAEDQl+xRhxqe2VTSCkl0gVE+Yr
KxMoyzyZTYidpWRedUGJiACNjlgogYp3L9xiJjHz2dlQD9r4GTsHXo2CbzV1jYrL
HKqmkz6angoHx3Vw6tffCe9117KFKkOxX8MG3xRMZMfRglRbNd3m8Uo+YGOWcscU
e1mUE+71woj89TquN7cTg5hY5/kRiGwVJBqihSuWzeJsf0LPab9Txv7ipHKuzh84
i8e3Isi3eoZR55ZsU7Jl8QeDIZ2OSNprUy9ldvaI2K4fg/VxpA4=
=hIeN
-----END PGP SIGNATURE-----
Merge 4.19.49 into android-4.19
Changes in 4.19.49
sparc64: Fix regression in non-hypervisor TLB flush xcall
include/linux/bitops.h: sanitize rotate primitives
xhci: update bounce buffer with correct sg num
xhci: Use %zu for printing size_t type
xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
usb: xhci: avoid null pointer deref when bos field is NULL
usbip: usbip_host: fix BUG: sleeping function called from invalid context
usbip: usbip_host: fix stub_dev lock context imbalance regression
USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
USB: sisusbvga: fix oops in error path of sisusb_probe
USB: Add LPM quirk for Surface Dock GigE adapter
USB: rio500: refuse more than one device at a time
USB: rio500: fix memory leak in close after disconnect
media: usb: siano: Fix general protection fault in smsusb
media: usb: siano: Fix false-positive "uninitialized variable" warning
media: smsusb: better handle optional alignment
brcmfmac: fix NULL pointer derefence during USB disconnect
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
tracing: Avoid memory leak in predicate_parse()
Btrfs: fix wrong ctime and mtime of a directory after log replay
Btrfs: fix race updating log root item during fsync
Btrfs: fix fsync not persisting changed attributes of a directory
Btrfs: incremental send, fix file corruption when no-holes feature is enabled
iio: dac: ds4422/ds4424 fix chip verification
iio: adc: ti-ads8688: fix timestamp is not updated in buffer
s390/crypto: fix gcm-aes-s390 selftest failures
s390/crypto: fix possible sleep during spinlock aquired
KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts
powerpc/perf: Fix MMCRA corruption by bhrb_filter
ALSA: line6: Assure canceling delayed work at disconnection
ALSA: hda/realtek - Set default power save node to 0
ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops
KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID
drm/nouveau/i2c: Disable i2c bus access after ->fini()
i2c: mlxcpld: Fix wrong initialization order in probe
i2c: synquacer: fix synquacer_i2c_doxfer() return value
tty: serial: msm_serial: Fix XON/XOFF
tty: max310x: Fix external crystal register setup
memcg: make it work on sparse non-0-node systems
kernel/signal.c: trace_signal_deliver when signal_group_exit
arm64: Fix the arm64_personality() syscall wrapper redirection
docs: Fix conf.py for Sphinx 2.0
doc: Cope with the deprecation of AutoReporter
doc: Cope with Sphinx logging deprecations
ima: show rules with IMA_INMASK correctly
evm: check hash algorithm passed to init_desc()
vt/fbcon: deinitialize resources in visual_init() after failed memory allocation
serial: sh-sci: disable DMA for uart_console
staging: vc04_services: prevent integer overflow in create_pagelist()
staging: wlan-ng: fix adapter initialization failure
cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
Revert "lockd: Show pid of lockd for remote locks"
gcc-plugins: Fix build failures under Darwin host
drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages()
drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
drm/sun4i: Fix sun8i HDMI PHY clock initialization
drm/sun4i: Fix sun8i HDMI PHY configuration for > 148.5 MHz
drm/rockchip: shutdown drm subsystem on shutdown
drm/lease: Make sure implicit planes are leased
Compiler Attributes: add support for __copy (gcc >= 9)
include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
Revert "x86/build: Move _etext to actual end of .text"
Revert "binder: fix handling of misaligned binder object"
binder: fix race between munmap() and direct reclaim
x86/ftrace: Do not call function graph from dynamic trampolines
x86/ftrace: Set trampoline pages as executable
x86/kprobes: Set instruction page as executable
scsi: lpfc: Fix backport of faf5a744f4 ("scsi: lpfc: avoid uninitialized variable warning")
of: overlay: validate overlay properties #address-cells and #size-cells
of: overlay: set node fields from properties when add new overlay node
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
Linux 4.19.49
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 096ea522e8 upstream.
Recent versions of sphinx will emit messages like:
Documentation/sphinx/kerneldoc.py:103:
RemovedInSphinx20Warning: app.warning() is now deprecated.
Use sphinx.util.logging instead.
Switch to sphinx.util.logging to make this unsightly message go away.
Alas, that interface was only added in version 1.6, so we have to add a
version check to keep things working with older sphinxes.
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2404dad1f6 upstream.
AutoReporter is going away; recent versions of sphinx emit a warning like:
Documentation/sphinx/kerneldoc.py:125:
RemovedInSphinx20Warning: AutodocReporter is now deprecated.
Use sphinx.util.docutils.switch_source_input() instead.
Make the switch. But switch_source_input() only showed up in 1.7, so we
have to do ugly version checks to keep things working in older versions.
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3bc8088464 upstream.
Our version check in Documentation/conf.py never envisioned a world where
Sphinx moved beyond 1.x. Now that the unthinkable has happened, fix our
version check to handle higher version numbers correctly.
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzxMDsACgkQONu9yGCS
aT6kjxAAvyKCDNGaQgBXGXe6xvBK7ad+mk+MU6WVycN+PIQzA8zVfR7RcGJgEP8t
65QrePyacMe5bmSgTnUKGz6DpwpWbCMamyftjoaPWIhxDFmQy7FB9ANOVoPDBw49
+jKT30ioBSI6LYQDU4xhxDO01HVEXmmLZquqYDfLoHOMLeXCivfTlM7PQPfxMZzn
fdeLtvfCnfMiftkXZjGqaWoUAnrlTmncQk9nXMcDgxrGy9pHJ6B1WWE5ygqr4Z5s
MaKfHotCSYD/eP8JsyIdJg+iMESv5Z0ZDCjbVslm81fCLeUD6atdnmpYxCphmT7Q
ifN23i4FJrXBX4xLpD9RYzavH3+hQzqb2pt02aBZRW0OLFK0qjYrkdayjwWGOIUI
zK9bgfHiiNKtoyvakQJ09uMhpO2thWeTMh8a6iBLTQ5Koi60adW1l5GrPuTTZYG7
V8xNB2cLsUktDsAr1I/kwrCMlE/oNFgy2La5zMzmELnFTUJRlMAoAGaa1DPcOFLt
QVdT8luJMu+1KTeMZPoK/7QQGszMDTAot4+Ys56KyPQ6zN/rGr2vm7kHYn41FyEp
KXpyeIm0/RKxUysz2Fyx+dL75e4ZhBof+amQ7Kotz6bF45o+ZwJ7THT6XKIOoln5
E7iI5RhQMZ2WuVIHLKa0QFBRn4RPpzie1lwOXWAAF6oqNgewXHw=
=fjPE
-----END PGP SIGNATURE-----
Merge 4.19.47 into android-4.19
Changes in 4.19.47
x86: Hide the int3_emulate_call/jmp functions from UML
ext4: do not delete unlinked inode from orphan list on failed truncate
ext4: wait for outstanding dio during truncate in nojournal mode
f2fs: Fix use of number of devices
KVM: x86: fix return value for reserved EFER
bio: fix improper use of smp_mb__before_atomic()
sbitmap: fix improper use of smp_mb__before_atomic()
Revert "scsi: sd: Keep disk read-only when re-reading partition"
crypto: vmx - CTR: always increment IV as quadword
mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem
mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
kvm: svm/avic: fix off-by-one in checking host APIC ID
libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
arm64/kernel: kaslr: reduce module randomization range to 2 GB
arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
gfs2: Fix sign extension bug in gfs2_update_stats
btrfs: don't double unlock on error in btrfs_punch_hole
Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
Btrfs: avoid fallback to transaction commit during fsync of files with holes
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
btrfs: sysfs: Fix error path kobject memory leak
btrfs: sysfs: don't leak memory when failing add fsid
udlfb: fix some inconsistent NULL checking
fbdev: fix divide error in fb_var_to_videomode
NFSv4.2 fix unnecessary retry in nfs4_copy_file_range
NFSv4.1 fix incorrect return value in copy_file_range
bpf: add bpf_jit_limit knob to restrict unpriv allocations
brcmfmac: assure SSID length from firmware is limited
brcmfmac: add subtype check for event handling in data path
arm64: errata: Add workaround for Cortex-A76 erratum #1463225
btrfs: honor path->skip_locking in backref code
ovl: relax WARN_ON() for overlapping layers use case
fbdev: fix WARNING in __alloc_pages_nodemask bug
media: cpia2: Fix use-after-free in cpia2_exit
media: serial_ir: Fix use-after-free in serial_ir_init_module
media: vb2: add waiting_in_dqbuf flag
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
bpf: devmap: fix use-after-free Read in __dev_map_entry_free
batman-adv: mcast: fix multicast tt/tvlv worker locking
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
acct_on(): don't mess with freeze protection
Revert "btrfs: Honour FITRIM range constraints during free space trim"
gfs2: Fix lru_count going negative
cxgb4: Fix error path in cxgb4_init_module
NFS: make nfs_match_client killable
IB/hfi1: Fix WQ_MEM_RECLAIM warning
gfs2: Fix occasional glock use-after-free
mmc: core: Verify SD bus width
tools/bpf: fix perf build error with uClibc (seen on ARC)
selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c
bpftool: exclude bash-completion/bpftool from .gitignore pattern
dmaengine: tegra210-dma: free dma controller in remove()
net: ena: gcc 8: fix compilation warning
hv_netvsc: fix race that may miss tx queue wakeup
Bluetooth: Ignore CC events not matching the last HCI command
pinctrl: zte: fix leaked of_node references
ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE
usb: dwc2: gadget: Increase descriptors count for ISOC's
usb: dwc3: move synchronize_irq() out of the spinlock protected block
ASoC: hdmi-codec: unlock the device on startup errors
powerpc/perf: Return accordingly on invalid chip-id in
powerpc/boot: Fix missing check of lseek() return value
powerpc/perf: Fix loop exit condition in nest_imc_event_init
ASoC: imx: fix fiq dependencies
spi: pxa2xx: fix SCR (divisor) calculation
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
drm/nouveau/bar/nv50: ensure BAR is mapped
media: stm32-dcmi: return appropriate error codes during probe
ARM: vdso: Remove dependency with the arch_timer driver internals
arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
powerpc/watchdog: Use hrtimers for per-CPU heartbeat
sched/cpufreq: Fix kobject memleak
scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session()
scsi: qla2xxx: Fix hardirq-unsafe locking
x86/modules: Avoid breaking W^X while loading modules
Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
btrfs: fix panic during relocation after ENOSPC before writeback happens
btrfs: Don't panic when we can't find a root key
iwlwifi: pcie: don't crash on invalid RX interrupt
rtc: 88pm860x: prevent use-after-free on device remove
rtc: stm32: manage the get_irq probe defer case
scsi: qedi: Abort ep termination if offload not scheduled
s390/kexec_file: Fix detection of text segment in ELF loader
sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
w1: fix the resume command API
s390: qeth: address type mismatch warning
dmaengine: pl330: _stop: clear interrupt status
mac80211/cfg80211: update bss channel on channel switch
libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register
ASoC: fsl_sai: Update is_slave_mode with correct value
mwifiex: prevent an array overflow
rsi: Fix NULL pointer dereference in kmalloc
net: cw1200: fix a NULL pointer dereference
nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
nvme-rdma: fix a NULL deref when an admin connect times out
crypto: sun4i-ss - Fix invalid calculation of hash end
bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set
bcache: return error immediately in bch_journal_replay()
bcache: fix failure in journal relplay
bcache: add failure check to run_cache_set() for journal replay
bcache: avoid clang -Wunintialized warning
RDMA/cma: Consider scope_id while binding to ipv6 ll address
vfio-ccw: Do not call flush_workqueue while holding the spinlock
vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
x86/build: Move _etext to actual end of .text
smpboot: Place the __percpu annotation correctly
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
Bluetooth: hci_qca: Give enough time to ROME controller to bootup.
HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
pinctrl: pistachio: fix leaked of_node references
pinctrl: samsung: fix leaked of_node references
clk: rockchip: undo several noc and special clocks as critical on rk3288
perf/arm-cci: Remove broken race mitigation
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
media: coda: clear error return value before picture run
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
media: au0828: stop video streaming only when last user stops
media: ov2659: make S_FMT succeed even if requested format doesn't match
audit: fix a memory leak bug
media: stm32-dcmi: fix crash when subdev do not expose any formats
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
media: pvrusb2: Prevent a buffer overflow
iio: adc: stm32-dfsdm: fix unmet direct dependencies detected
block: fix use-after-free on gendisk
powerpc/numa: improve control of topology updates
powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
random: fix CRNG initialization when random.trust_cpu=1
random: add a spinlock_t to struct batched_entropy
cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
sched/core: Check quota and period overflow at usec to nsec conversion
sched/rt: Check integer overflow at usec to nsec conversion
sched/core: Handle overflow in cpu_shares_write_u64
staging: vc04_services: handle kzalloc failure
drm/msm: a5xx: fix possible object reference leak
irq_work: Do not raise an IPI when queueing work on the local CPU
thunderbolt: Take domain lock in switch sysfs attribute callbacks
s390/qeth: handle error from qeth_update_from_chp_desc()
USB: core: Don't unbind interfaces following device reset failure
x86/irq/64: Limit IST stack overflow check to #DB stack
drm: etnaviv: avoid DMA API warning when importing buffers
phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
phy: mapphone-mdm6600: add gpiolib dependency
i40e: Able to add up to 16 MAC filters on an untrusted VF
i40e: don't allow changes to HW VLAN stripping on active port VLANs
ACPI/IORT: Reject platform device creation on NUMA node mapping failure
arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
perf/x86/msr: Add Icelake support
perf/x86/intel/rapl: Add Icelake support
perf/x86/intel/cstate: Add Icelake support
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
scsi: libsas: Do discovery on empty PHY to update PHY info
mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
mmc_spi: add a status check for spi_sync_locked
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc: sdhci-of-esdhc: add erratum A-009204 support
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
drm/amdgpu: fix old fence check in amdgpu_fence_emit
PM / core: Propagate dev->power.wakeup_path when no callbacks
clk: rockchip: Fix video codec clocks on rk3288
extcon: arizona: Disable mic detect if running when driver is removed
clk: rockchip: Make rkpwm a critical clock on rk3288
s390: zcrypt: initialize variables before_use
x86/microcode: Fix the ancient deprecated microcode loading method
s390/mm: silence compiler warning when compiling without CONFIG_PGSTE
s390: cio: fix cio_irb declaration
selftests: cgroup: fix cleanup path in test_memcg_subtree_control()
qmi_wwan: Add quirk for Quectel dynamic config
cpufreq: ppc_cbe: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: pmac32: fix possible object reference leak
cpufreq: kirkwood: fix possible object reference leak
block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR
x86/build: Keep local relocations with ld.lld
drm/pl111: fix possible object reference leak
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
iio: hmc5843: fix potential NULL pointer dereferences
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
iio: adc: ti-ads7950: Fix improper use of mlock
selftests/bpf: ksym_search won't check symbols exists
rtlwifi: fix a potential NULL pointer dereference
mwifiex: Fix mem leak in mwifiex_tm_cmd
brcmfmac: fix missing checks for kmemdup
b43: shut up clang -Wuninitialized variable warning
brcmfmac: convert dev_init_lock mutex to completion
brcmfmac: fix WARNING during USB disconnect in case of unempty psq
brcmfmac: fix race during disconnect when USB completion is in progress
brcmfmac: fix Oops when bringing up interface during USB disconnect
rtc: xgene: fix possible race condition
rtlwifi: fix potential NULL pointer dereference
scsi: ufs: Fix regulator load and icc-level configuration
scsi: ufs: Avoid configuring regulator with undefined voltage range
drm/panel: otm8009a: Add delay at the end of initialization
arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP
x86/uaccess, signal: Fix AC=1 bloat
x86/ia32: Fix ia32_restore_sigcontext() AC leak
x86/uaccess: Fix up the fixup
chardev: add additional check for minor range overlap
RDMA/hns: Fix bad endianess of port_pd variable
sh: sh7786: Add explicit I/O cast to sh7786_mm_sel()
HID: core: move Usage Page concatenation to Main item
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
cxgb3/l2t: Fix undefined behaviour
HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent
spi: tegra114: reset controller on probe
kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
media: video-mux: fix null pointer dereferences
media: wl128x: prevent two potential buffer overflows
media: gspca: Kill URBs on USB device disconnect
efifb: Omit memory map check on legacy boot
thunderbolt: property: Fix a missing check of kzalloc
thunderbolt: Fix to check the return value of kmemdup
timekeeping: Force upper bound for setting CLOCK_REALTIME
scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check
virtio_console: initialize vtermno value for ports
tty: ipwireless: fix missing checks for ioremap
overflow: Fix -Wtype-limits compilation warnings
x86/mce: Fix machine_check_poll() tests for error types
rcutorture: Fix cleanup path for invalid torture_type strings
x86/mce: Handle varying MCA bank counts
rcuperf: Fix cleanup path for invalid perf_type strings
usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
scsi: qla4xxx: avoid freeing unallocated dma memory
scsi: lpfc: avoid uninitialized variable warning
selinux: avoid uninitialized variable warning
batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
dmaengine: tegra210-adma: use devm_clk_*() helpers
hwrng: omap - Set default quality
thunderbolt: Fix to check return value of ida_simple_get
thunderbolt: Fix to check for kmemdup failure
drm/amd/display: fix releasing planes when exiting odm
thunderbolt: property: Fix a NULL pointer dereference
e1000e: Disable runtime PM on CNP+
tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers
igb: Exclude device from suspend direct complete optimization
media: si2165: fix a missing check of return value
media: dvbsky: Avoid leaking dvb frontend
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
media: staging: davinci_vpfe: disallow building with COMPILE_TEST
drm/amd/display: Fix Divide by 0 in memory calculations
drm/amd/display: Set stream->mode_changed when connectors change
scsi: ufs: fix a missing check of devm_reset_control_get
media: vimc: stream: fix thread state before sleep
media: gspca: do not resubmit URBs when streaming has stopped
media: go7007: avoid clang frame overflow warning with KASAN
media: vimc: zero the media_device on probe
scsi: lpfc: Fix FDMI manufacturer attribute value
scsi: lpfc: Fix fc4type information for FDMI
media: saa7146: avoid high stack usage with clang
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
drm/omap: dsi: Fix PM for display blank with paired dss_pll calls
spi: rspi: Fix sequencer reset during initialization
spi: imx: stop buffer overflow in RX FIFO flush
spi: Fix zero length xfer bug
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
drm/v3d: Handle errors from IRQ setup.
drm/drv: Hold ref on parent device during drm_device lifetime
drm: Wake up next in drm_read() chain if we are forced to putback the event
drm/sun4i: dsi: Change the start delay calculation
vfio-ccw: Prevent quiesce function going into an infinite loop
drm/sun4i: dsi: Enforce boundaries on the start delay
NFS: Fix a double unlock from nfs_match,get_client
Linux 4.19.47
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 969f5ea627 upstream.
Revisions of the Cortex-A76 CPU prior to r4p0 are affected by an erratum
that can prevent interrupts from being taken when single-stepping.
This patch implements a software workaround to prevent userspace from
effectively being able to disable interrupts.
Cc: <stable@vger.kernel.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ede95a63b5 upstream.
Rick reported that the BPF JIT could potentially fill the entire module
space with BPF programs from unprivileged users which would prevent later
attempts to load normal kernel modules or privileged BPF programs, for
example. If JIT was enabled but unsuccessful to generate the image, then
before commit 290af86629 ("bpf: introduce BPF_JIT_ALWAYS_ON config")
we would always fall back to the BPF interpreter. Nowadays in the case
where the CONFIG_BPF_JIT_ALWAYS_ON could be set, then the load will abort
with a failure since the BPF interpreter was compiled out.
Add a global limit and enforce it for unprivileged users such that in case
of BPF interpreter compiled out we fail once the limit has been reached
or we fall back to BPF interpreter earlier w/o using module mem if latter
was compiled in. In a next step, fair share among unprivileged users can
be resolved in particular for the case where we would fail hard once limit
is reached.
Fixes: 290af86629 ("bpf: introduce BPF_JIT_ALWAYS_ON config")
Fixes: 0a14842f5a ("net: filter: Just In Time compiler for x86-64")
Co-Developed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzpbCYACgkQONu9yGCS
aT6aJhAAjh1h5q6oRAWZ7k3CTbx7abpi3FwqlGsrinxRkwdDvy6TXTo8gBn0emS0
8TEiQXLm/6M3IGyR8m7w2TGxThyk5xtUqEbxldHwzU/wsZzJ8KegnQUbpmdmJtrh
BnvPygwOSldm8fqNZsFNWNCwt0m9LqPm5m57lHOj4PsxRFkr6jVYjtrynTbyDBus
fT4Dec/jD/0hZbP2aeS5YWNee1ElgiiRewU5q5+Dn8yIDlaX81hkiu+J/EUS/97n
8Irn7Zs7wgjEwVe9xz1SEqAO0TtDH7wgxV2JMcXMRCbj45vmiUPh9IrSqqhvjqbf
Gr36rGyuA2AIlMlzppEgP8ZiL6b5/2+e0mZFVfV4Ck3zThWq/pi8xrNk/AGVbXSA
yE7j7PMVC0Pr9zFOBEsdb6HEOkwy4drGlSWiGkN5jZ5/yexGT4LhEpoMwqSd6tZ8
p12OdVmrEYZyasKOEGyOLFvUWKDT+aClFXcnB0Vi3GNtw6K4aHJU1dtPcpeD+PvO
qMY2ePAj3GXKcg+r4dQPcbO+xEer8JZS/clTXNVwArGMQ/KII6hz2XCeSXe+aVnA
5SJZQnyimgaEev1Y1C7VVYBa4T+S54O+tjvKhv4fuX4vL622rLkUmMJyb2XWNSIC
HagZOcEN7PY9KWqaMiP5GtcumfAUQCtNfXY0QMYhR+9B2Sl2zGg=
=P21c
-----END PGP SIGNATURE-----
Merge 4.19.46 into android-4.19
Changes in 4.19.46
ipv6: fix src addr routing with the exception table
ipv6: prevent possible fib6 leaks
net: Always descend into dsa/
net: avoid weird emergency message
net/mlx4_core: Change the error print to info print
net: test nouarg before dereferencing zerocopy pointers
net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
nfp: flower: add rcu locks when accessing netdev for tunnels
ppp: deflate: Fix possible crash in deflate_init
rtnetlink: always put IFLA_LINK for links with a link-netnsid
tipc: switch order of device registration to fix a crash
vsock/virtio: free packets during the socket release
tipc: fix modprobe tipc failed after switch order of device registration
vsock/virtio: Initialize core virtio vsock before registering the driver
net/mlx5: Imply MLXFW in mlx5_core
net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled
parisc: Export running_on_qemu symbol for modules
parisc: Skip registering LED when running in QEMU
parisc: Use PA_ASM_LEVEL in boot code
parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code
stm class: Fix channel free in stm output free path
stm class: Fix channel bitmap on 32-bit systems
brd: re-enable __GFP_HIGHMEM in brd_insert_page()
proc: prevent changes to overridden credentials
Revert "MD: fix lock contention for flush bios"
md: batch flush requests.
md: add mddev->pers to avoid potential NULL pointer dereference
dcache: sort the freeing-without-RCU-delay mess for good.
intel_th: msu: Fix single mode with IOMMU
p54: drop device reference count if fails to enable device
of: fix clang -Wunsequenced for be32_to_cpu()
cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
phy: ti-pipe3: fix missing bit-wise or operator when assigning val
media: ov6650: Fix sensor possibly not detected on probe
media: imx: csi: Allow unknown nearest upstream entities
media: imx: Clear fwnode link struct for each endpoint iteration
NFS4: Fix v4.0 client state corruption when mount
PNFS fallback to MDS if no deviceid found
clk: hi3660: Mark clk_gate_ufs_subsys as critical
clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
clk: mediatek: Disable tuner_en before change PLL rate
clk: rockchip: fix wrong clock definitions for rk3328
udlfb: delete the unused parameter for dlfb_handle_damage
udlfb: fix sleeping inside spinlock
udlfb: introduce a rendering mutex
fuse: fix writepages on 32bit
fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
ovl: fix missing upper fs freeze protection on copy up for ioctl
iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
ceph: flush dirty inodes before proceeding with remount
x86_64: Add gap to int3 to allow for call emulation
x86_64: Allow breakpoints to emulate call instructions
ftrace/x86_64: Emulate call function while updating in breakpoint handler
tracing: Fix partial reading of trace event's id file
memory: tegra: Fix integer overflow on tick value calculation
perf intel-pt: Fix instructions sampling rate
perf intel-pt: Fix improved sample timestamp
perf intel-pt: Fix sample timestamp wrt non-taken branches
MIPS: perf: Fix build with CONFIG_CPU_BMIPS5000 enabled
objtool: Allow AR to be overridden with HOSTAR
fbdev/efifb: Ignore framebuffer memmap entries that lack any memory types
fbdev: sm712fb: fix brightness control on reboot, don't set SR30
fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
fbdev: sm712fb: fix support for 1024x768-16 mode
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
PCI: Mark Atheros AR9462 to avoid bus reset
PCI: Init PCIe feature bits for managed host bridge alloc
PCI/AER: Change pci_aer_init() stub to return void
PCI: rcar: Add the initialization of PCIe link in resume_noirq()
PCI: Factor out pcie_retrain_link() function
PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
dm cache metadata: Fix loading discard bitset
dm zoned: Fix zone report handling
dm delay: fix a crash when invalid device is specified
dm integrity: correctly calculate the size of metadata area
dm mpath: always free attached_handler_name in parse_path()
fuse: Add FOPEN_STREAM to use stream_open()
xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
vti4: ipip tunnel deregistration fixes.
xfrm: clean up xfrm protocol checks
esp4: add length check for UDP encapsulation
xfrm: Honor original L3 slave device in xfrmi policy lookup
xfrm4: Fix uninitialized memory read in _decode_session4
clk: sunxi-ng: nkmp: Avoid GENMASK(-1, 0)
power: supply: cpcap-battery: Fix division by zero
securityfs: fix use-after-free on symlink traversal
apparmorfs: fix use-after-free on symlink traversal
PCI: Fix issue with "pci=disable_acs_redir" parameter being ignored
x86: kvm: hyper-v: deal with buggy TLB flush requests from WS2012
mac80211: Fix kernel panic due to use of txq after free
net: ieee802154: fix missing checks for regmap_update_bits
KVM: arm/arm64: Ensure vcpu target is unset on reset failure
power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
bpf: Fix preempt_enable_no_resched() abuse
qmi_wwan: new Wistron, ZTE and D-Link devices
iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
sched/cpufreq: Fix kobject memleak
x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
perf bench numa: Add define for RUSAGE_THREAD if not present
perf/x86/intel: Fix race in intel_pmu_disable_event()
Revert "Don't jump to compute_result state from check_result state"
md/raid: raid5 preserve the writeback action after the parity check
driver core: Postpone DMA tear-down until after devres release for probe failure
Revert "selftests/bpf: skip verifier tests for unsupported program types"
bpf: relax inode permission check for retrieving bpf program
bpf: add map_lookup_elem_sys_only for lookups from syscall side
bpf, lru: avoid messing with eviction heuristics upon syscall lookup
fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
Linux 4.19.46
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 5467a68cbf upstream.
For lockless accesses to dentries we don't have pinned we rely
(among other things) upon having an RCU delay between dropping
the last reference and actually freeing the memory.
On the other hand, for things like pipes and sockets we neither
do that kind of lockless access, nor want to deal with the
overhead of an RCU delay every time a socket gets closed.
So delay was made optional - setting DCACHE_RCUACCESS in ->d_flags
made sure it would happen. We tried to avoid setting it unless
we knew we need it. Unfortunately, that had led to recurring
class of bugs, in which we missed the need to set it.
We only really need it for dentries that are created by
d_alloc_pseudo(), so let's not bother with trying to be smart -
just make having an RCU delay the default. The ones that do
*not* get it set the replacement flag (DCACHE_NORCU) and we'd
better use that sparingly. d_alloc_pseudo() is the only
such user right now.
FWIW, the race that finally prompted that switch had been
between __lock_parent() of immediate subdirectory of what's
currently the root of a disconnected tree (e.g. from
open-by-handle in progress) racing with d_splice_alias()
elsewhere picking another alias for the same inode, either
on outright corrupted fs image, or (in case of open-by-handle
on NFS) that subdirectory having been just moved on server.
It's not easy to hit, so the sky is not falling, but that's
not the first race on similar missed cases and the logics
for settinf DCACHE_RCUACCESS has gotten ridiculously
convoluted.
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzk4CsACgkQONu9yGCS
aT5Xaw//UWopx4Yqbiv+4HBgW+2ijP4utxI4lBNYITD44jvkyVJnztUtVkWepu5r
Tkl/7zytXOpxbpuhS0xqpWwG7lL5eT4NCG08KSX4lYQVjIWX4YzVkw9gLe9V2AaK
IqTzaWtbuagARbnR3UC65TI4kjRGsr9ldY0AbbGGVTM6IwPquHN9Qd9TAzRwRohn
CxY94Bwp1RcN2sSPkD3nUCUGOSNh97BXyypeM7FyceOzOpyAdQCXoUPc84cPqdNC
4GBkd5Z1IL/7zX3HDjQeGS0KK6e1enslSmsbSSUVuHI90LCr3CZPJkFF8RFnPnff
2RA7bdhp8C1JPeLDimr+SNSLEl9yywoH6d4UQAnBwoLDjiFCEITVgjDtYzzd81+1
ES6lbUAs8v/LXkaCaExq6pNNd1prg6Mj9Fe6cz+G9V/YV1tLUsoAJHdFucu8Sp7w
rwz/PZ6waCf8VRO4aYFF9b+u7PQ/RFZWQYsz22P7PhAYg0CTajV1FWGk1AYi0+wQ
5YCmthbWhDo9U5lAFyQ0pVTXv/UNgEu6MfV1/jKtCk5AzsbE77orj1xusKckHq2e
QojgmELmHMlFFajI0h/ddDo7iwz/5OrPVs9D03RysiOciMzdTKPucPyC0Ah4yEBA
sJ0cQkaVtqO2Nu3E42lfQTpVIqBgi8NGav+kRwryB1YyKeaXLsM=
=HJ7O
-----END PGP SIGNATURE-----
Merge 4.19.45 into android-4.19
Changes in 4.19.45
locking/rwsem: Prevent decrement of reader count before increment
x86/speculation/mds: Revert CPU buffer clear on double fault exit
x86/speculation/mds: Improve CPU buffer clear documentation
objtool: Fix function fallthrough detection
arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller.
ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260
ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3
mmc: sdhci-of-arasan: Add DTS property to disable DCMDs.
ARM: exynos: Fix a leaked reference by adding missing of_node_put
power: supply: axp288_charger: Fix unchecked return value
power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist
arm64: mmap: Ensure file offset is treated as unsigned
arm64: arch_timer: Ensure counter register reads occur with seqlock held
arm64: compat: Reduce address limit
arm64: Clear OSDLR_EL1 on CPU boot
arm64: Save and restore OSDLR_EL1 across suspend/resume
sched/x86: Save [ER]FLAGS on context switch
crypto: crypto4xx - fix ctr-aes missing output IV
crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues
crypto: salsa20 - don't access already-freed walk.iv
crypto: chacha20poly1305 - set cra_name correctly
crypto: ccp - Do not free psp_master when PLATFORM_INIT fails
crypto: vmx - fix copy-paste error in CTR mode
crypto: skcipher - don't WARN on unprocessed data after slow walk step
crypto: crct10dif-generic - fix use via crypto_shash_digest()
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
crypto: rockchip - update IV buffer to contain the next IV
crypto: arm/aes-neonbs - don't access already-freed walk.iv
crypto: arm64/aes-neonbs - don't access already-freed walk.iv
mmc: core: Fix tag set memory leak
ALSA: line6: toneport: Fix broken usage of timer for delayed execution
ALSA: usb-audio: Fix a memory leak bug
ALSA: hda/hdmi - Read the pin sense from register when repolling
ALSA: hda/hdmi - Consider eld_valid when reporting jack event
ALSA: hda/realtek - EAPD turn on later
ALSA: hdea/realtek - Headset fixup for System76 Gazelle (gaze14)
ASoC: max98090: Fix restore of DAPM Muxes
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
ASoC: fsl_esai: Fix missing break in switch statement
ASoC: codec: hdac_hdmi add device_link to card device
bpf, arm64: remove prefetch insn in xadd mapping
crypto: ccree - remove special handling of chained sg
crypto: ccree - fix mem leak on error path
crypto: ccree - don't map MAC key on stack
crypto: ccree - use correct internal state sizes for export
crypto: ccree - don't map AEAD key and IV on stack
crypto: ccree - pm resume first enable the source clk
crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during suspend
crypto: ccree - add function to handle cryptocell tee fips error
crypto: ccree - handle tee fips error during power management resume
mm/mincore.c: make mincore() more conservative
mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses
mm/hugetlb.c: don't put_page in lock of hugetlb_lock
hugetlb: use same fault hash key for shared and private mappings
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
userfaultfd: use RCU to free the task struct when fork fails
ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write
tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
jbd2: check superblock mapped prior to committing
ext4: make sanity check in mballoc more strict
ext4: ignore e_value_offs for xattrs with value-in-ea-inode
ext4: avoid drop reference to iloc.bh twice
ext4: fix use-after-free race with debug_want_extra_isize
ext4: actually request zeroing of inode table after grow
ext4: fix ext4_show_options for file systems w/o journal
btrfs: Check the first key and level for cached extent buffer
btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails
btrfs: Honour FITRIM range constraints during free space trim
Btrfs: send, flush dellaloc in order to avoid data loss
Btrfs: do not start a transaction during fiemap
Btrfs: do not start a transaction at iterate_extent_inodes()
bcache: fix a race between cache register and cacheset unregister
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
ipmi:ssif: compare block number correctly for multi-part return messages
crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
tty: Don't force RISCV SBI console as preferred console
ext4: zero out the unused memory region in the extent tree block
ext4: fix data corruption caused by overlapping unaligned and aligned IO
ext4: fix use-after-free in dx_release()
ext4: avoid panic during forced reboot due to aborted journal
ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)
ALSA: hda/realtek - Fixup headphone noise via runtime suspend
ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
jbd2: fix potential double free
KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
KVM: lapic: Busy wait for timer to expire when using hv_timer
kbuild: turn auto.conf.cmd into a mandatory include file
xen/pvh: set xen_domain_type to HVM in xen_pvh_init
libnvdimm/namespace: Fix label tracking error
iov_iter: optimize page_copy_sane()
pstore: Centralize init/exit routines
pstore: Allocate compression during late_initcall()
pstore: Refactor compression initialization
ext4: fix compile error when using BUFFER_TRACE
ext4: don't update s_rev_level if not required
Linux 4.19.45
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 9d8d0294e7 upstream.
On x86_64, all returns to usermode go through
prepare_exit_to_usermode(), with the sole exception of do_nmi().
This even includes machine checks -- this was added several years
ago to support MCE recovery. Update the documentation.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Frederic Weisbecker <frederic@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jon Masters <jcm@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Fixes: 04dcbdb805 ("x86/speculation/mds: Clear CPU buffers on exit to user")
Link: http://lkml.kernel.org/r/999fa9e126ba6a48e9d214d2f18dbde5c62ac55c.1557865329.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 88640e1dcd upstream.
The double fault ESPFIX path doesn't return to user mode at all --
it returns back to the kernel by simulating a #GP fault.
prepare_exit_to_usermode() will run on the way out of
general_protection before running user code.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Frederic Weisbecker <frederic@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jon Masters <jcm@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Fixes: 04dcbdb805 ("x86/speculation/mds: Clear CPU buffers on exit to user")
Link: http://lkml.kernel.org/r/ac97612445c0a44ee10374f6ea79c222fe22a5c4.1557865329.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Document some things of note to gcov users:
1. GCC gcov and Clang llvm-cov tools are not compatible.
2. The use of GCC vs Clang is transparent at build-time.
Also adjust the documentation to account for the removal of config symbol
CONFIG_GCOV_FORMAT_AUTODETECT by commit 6a61b70b43 ("gcov: remove
CONFIG_GCOV_FORMAT_AUTODETECT").
Link: http://lkml.kernel.org/r/20190318025411.98014-4-trong@android.com
Signed-off-by: Tri Vo <trong@android.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Cc: Daniel Mentz <danielmentz@google.com>
Cc: Greg Hackmann <ghackmann@android.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Petri Gynther <pgynther@google.com>
Cc: Prasad Sodagudi <psodagud@quicinc.com>
Cc: Trilok Soni <tsoni@quicinc.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit aa069a23a2)
Bug: 132997968
Test: defconfig + CONFIG_GCOV_KERNEL records coverage
Change-Id: Id9a248d5e6d8fc643300230b2ab2ce902050a6ae
DWC_usb31 peripheral v1.70a-ea06 and prior needs a SW workaround for
isoc START TRANSFER command failure. However, some affected versions may
have RTL patches to fix this without a SW workaround. Add this quirk to
disable the SW workaround when it is not needed.
Synopsys STAR 9001202023: Wrong microframe number for isochronous IN
endpoints.
Change-Id: I402c181b00d3f80e39ef066dc665191706e06ef0
Signed-off-by: Thinh Nguyen <thinhn@synopsys.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: William Wu <william.wu@rock-chips.com>
(cherry picked from commit dd74b96c74)
Add an option to disable USB2 LPM from host. There maybe cases where the
user does not want to enable USB2 LPM (e.g. USB2 LPM is broken).
Change-Id: I7b6b075f7017d84e6416f05cdac1fdbca64c248b
Signed-off-by: Thinh Nguyen <thinhn@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: William Wu <william.wu@rock-chips.com>
(cherry picked from commit 5455e15607)
commit 95310e348a upstream
Fix a minor typo in the MDS documentation: "eanbled" -> "enabled".
Reported-by: Jeff Bastian <jbastian@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ea01668f9f upstream
Adjust the last two rows in the table that display possible values when
MDS mitigation is enabled. They both were slightly innacurate.
In addition, convert the table of possible values and their descriptions
to a list-table. The simple table format uses the top border of equals
signs to determine cell width which resulted in the first column being
far too wide in comparison to the second column that contained the
majority of the text.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e672f8bf71 upstream
Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
Sampling Uncacheable Memory (MDSUM) which is a variant of
Microarchitectural Data Sampling (MDS). MDS is a family of side channel
attacks on internal buffers in Intel CPUs.
MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
memory that takes a fault or assist can leave data in a microarchitectural
structure that may later be observed using one of the same methods used by
MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
The existing mitigation for MDS applies to MDSUM as well.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 98af845294 upstream
Keeping track of the number of mitigations for all the CPU speculation
bugs has become overwhelming for many users. It's getting more and more
complicated to decide which mitigations are needed for a given
architecture. Complicating matters is the fact that each arch tends to
have its own custom way to mitigate the same vulnerability.
Most users fall into a few basic categories:
a) they want all mitigations off;
b) they want all reasonable mitigations on, with SMT enabled even if
it's vulnerable; or
c) they want all reasonable mitigations on, with SMT disabled if
vulnerable.
Define a set of curated, arch-independent options, each of which is an
aggregation of existing options:
- mitigations=off: Disable all mitigations.
- mitigations=auto: [default] Enable all the default mitigations, but
leave SMT enabled, even if it's vulnerable.
- mitigations=auto,nosmt: Enable all the default mitigations, disabling
SMT if needed by a mitigation.
Currently, these options are placeholders which don't actually do
anything. They will be fleshed out in upcoming patches.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
Reviewed-by: Jiri Kosina <jkosina@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Waiman Long <longman@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Steven Price <steven.price@arm.com>
Cc: Phil Auld <pauld@redhat.com>
Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d71eb0ce10 upstream
Add the mds=full,nosmt cmdline option. This is like mds=full, but with
SMT disabled if the CPU is vulnerable.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 65fd4cb65b upstream
Move L!TF to a separate directory so the MDS stuff can be added at the
side. Otherwise the all hardware vulnerabilites have their own top level
entry. Should have done that right away.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 22dd836508 upstream
In virtualized environments it can happen that the host has the microcode
update which utilizes the VERW instruction to clear CPU buffers, but the
hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit
to guests.
Introduce an internal mitigation mode VMWERV which enables the invocation
of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the
system has no updated microcode this results in a pointless execution of
the VERW instruction wasting a few CPU cycles. If the microcode is updated,
but not exposed to a guest then the CPU buffers will be cleared.
That said: Virtual Machines Will Eventually Receive Vaccine
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8a4b06d391 upstream
Add the sysfs reporting file for MDS. It exposes the vulnerability and
mitigation state similar to the existing files for the other speculative
hardware vulnerabilities.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bc1241700a upstream
Now that the mitigations are in place, add a command line parameter to
control the mitigation, a mitigation selector function and a SMT update
mechanism.
This is the minimal straight forward initial implementation which just
provides an always on/off mode. The command line parameter is:
mds=[full|off]
This is consistent with the existing mitigations for other speculative
hardware vulnerabilities.
The idle invocation is dynamically updated according to the SMT state of
the system similar to the dynamic update of the STIBP mitigation. The idle
mitigation is limited to CPUs which are only affected by MSBDS and not any
other variant, because the other variants cannot be mitigated on SMT
enabled systems.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 07f07f55a2 upstream
Add a static key which controls the invocation of the CPU buffer clear
mechanism on idle entry. This is independent of other MDS mitigations
because the idle entry invocation to mitigate the potential leakage due to
store buffer repartitioning is only necessary on SMT systems.
Add the actual invocations to the different halt/mwait variants which
covers all usage sites. mwaitx is not patched as it's not available on
Intel CPUs.
The buffer clear is only invoked before entering the C-State to prevent
that stale data from the idling CPU is spilled to the Hyper-Thread sibling
after the Store buffer got repartitioned and all entries are available to
the non idle sibling.
When coming out of idle the store buffer is partitioned again so each
sibling has half of it available. Now CPU which returned from idle could be
speculatively exposed to contents of the sibling, but the buffers are
flushed either on exit to user space or on VMENTER.
When later on conditional buffer clearing is implemented on top of this,
then there is no action required either because before returning to user
space the context switch will set the condition flag which causes a flush
on the return to user path.
Note, that the buffer clearing on idle is only sensible on CPUs which are
solely affected by MSBDS and not any other variant of MDS because the other
MDS variants cannot be mitigated when SMT is enabled, so the buffer
clearing on idle would be a window dressing exercise.
This intentionally does not handle the case in the acpi/processor_idle
driver which uses the legacy IO port interface for C-State transitions for
two reasons:
- The acpi/processor_idle driver was replaced by the intel_idle driver
almost a decade ago. Anything Nehalem upwards supports it and defaults
to that new driver.
- The legacy IO port interface is likely to be used on older and therefore
unaffected CPUs or on systems which do not receive microcode updates
anymore, so there is no point in adding that.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 04dcbdb805 upstream
Add a static key which controls the invocation of the CPU buffer clear
mechanism on exit to user space and add the call into
prepare_exit_to_usermode() and do_nmi() right before actually returning.
Add documentation which kernel to user space transition this covers and
explain why some corner cases are not mitigated.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6a9e529272 upstream
The Microarchitectural Data Sampling (MDS) vulernabilities are mitigated by
clearing the affected CPU buffers. The mechanism for clearing the buffers
uses the unused and obsolete VERW instruction in combination with a
microcode update which triggers a CPU buffer clear when VERW is executed.
Provide a inline function with the assembly magic. The argument of the VERW
instruction must be a memory operand as documented:
"MD_CLEAR enumerates that the memory-operand variant of VERW (for
example, VERW m16) has been extended to also overwrite buffers affected
by MDS. This buffer overwriting functionality is not guaranteed for the
register operand variant of VERW."
Documentation also recommends to use a writable data segment selector:
"The buffer overwriting occurs regardless of the result of the VERW
permission check, as well as when the selector is null or causes a
descriptor load segment violation. However, for lowest latency we
recommend using a selector that indicates a valid writable data
segment."
Add x86 specific documentation about MDS and the internal workings of the
mitigation.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This adds the necessary data for handling efuse on the rk3128.
Change-Id: Ieda973675ff959b3157bb4afe6e1dcdfac65506c
Signed-off-by: Liang Chen <cl@rock-chips.com>
